
Word Documents Used to Distribute Dridex Banking Malware


Jasper_The_Rasper
Moderator
By Eduard Kovacs on October 28, 2014
 
Cybercriminals using the Dridex banking Trojan to steal sensitive information from Internet users have changed the way they are distributing the malware, according to researchers from Palo Alto Networks.
Dridex, which is a successor of the Cridex/Feodo/Geodo Trojans, was first spotted in July. The threat is used by cybercriminals to obtain the information they need for fraudulent bank transactions.
Until recently, Dridex was mostly distributed via executable files attached to spam emails. However, researchers at Palo Alto Networks noticed that cybercriminals have started delivering the threat with the aid of macros placed inside innocent-looking Microsoft Word documents.
 
Full Article


Jasper_The_Rasper
Moderator
Danielle Walker, Senior Reporter   November 06, 2014
 
Trend Micro detailed the malware variant and attackers' delivery techniques. The proliferation of the Bugat trojan, also known as “Cridex,” put the threat among the top banking botnets last year – and now researchers warn that its so-called successor, “Dridex,” is targeting users via social engineering schemes.
In a new campaign detailed by Trend Micro, fraudsters are using Dridex to prey on bank customers primarily located in Australia, the UK and U.S. But instead of relying on the BlackHole exploit kit, as was the delivery mechanism of choice for Cridex, scammers spread Dridex by way of Microsoft Word documents containing malicious macro code.
In the attacks, cybercriminals crafted phishing emails so that they appeared to contain invoices from legitimate financial institutions, Trend Micro said.
 
Full Article

January 8, 2015
By Brian Prince on January 07, 2015
 
Researchers at Trustwave have identified an attack campaign using macros that is targeting banking customers in the U.K. – yet another example of attackers leveraging the technique.
The attack works this way – the victim gets an email with a Microsoft Word or Excel document attached. The document includes a payload that downloads malware called 'Dridex', which is designed to target online banking information. The attacks lure the victims to open the attachment by using the names of legitimate companies located in the U.K. Some of the emails refer to an 'attached invoice' by stating it comes from a software company, online retailer or bank.
Once the user opens the attachment, Dridex malware is installed. Users must enable macros in order for the malicious documents to work, and some of the documents contain instructions on how to do just that.
"The cybercriminal group behind this attack has used every single type of spam attack and malware propagation vector; from simple malware attachments, links in the message body that point to an exploit kit landing page, malicious PDF attachments and document macros, etc," said Rodel Mendrez, Security Researcher at Trustwave. "I think the bad guys spamming out these malicious document macros in combination with social engineering found out that this attack is as effective as other types of spam attacks."

Full Article

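A defender-side check for the delivery vector these posts describe, added here as an example and not code from the quoted articles or any vendor product: a mail-gateway or triage helper that looks inside an Office Open XML attachment for a VBA project, so macro-carrying documents are quarantined before a user is ever asked to "enable content". The sample container it builds is constructed for the demonstration.

```python
"""Flag Office Open XML attachments that carry a VBA project.

Macro-enabled Word/Excel files (.docm, .xlsm) are ZIP containers whose VBA
code lives in a part named vbaProject.bin, declared in [Content_Types].xml.
Checking for that part catches macro documents regardless of the extension
the sender chose. Legacy binary .doc files are not ZIPs and need OLE parsing,
which this example does not cover.
"""
import io
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def inspect_ooxml(data: bytes) -> dict:
    """Return macro indicators for an OOXML blob (docx/docm/xlsx/xlsm)."""
    result = {"is_ooxml": False, "vba_part": None, "vba_declared": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # not an OOXML container (e.g. legacy .doc or plain text)
    names = zf.namelist()
    if "[Content_Types].xml" not in names:
        return result
    result["is_ooxml"] = True
    # The VBA project part is usually word/vbaProject.bin or xl/vbaProject.bin.
    result["vba_part"] = next(
        (n for n in names if n.lower().endswith("vbaproject.bin")), None)
    ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    result["vba_declared"] = VBA_CONTENT_TYPE in ctypes
    return result


def should_quarantine(data: bytes) -> bool:
    """Quarantine when any VBA indicator is present, whatever the file name says."""
    info = inspect_ooxml(data)
    return bool(info["vba_part"] or info["vba_declared"])


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container used to exercise the checks offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        override = ('<Override PartName="/word/vbaProject.bin" '
                    f'ContentType="{VBA_CONTENT_TYPE}"/>') if with_macro else ""
        zf.writestr("[Content_Types].xml", f"<Types>{override}</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:  # placeholder bytes standing in for a real VBA project
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed")
    return buf.getvalue()
```

A real gateway would also run the same check on every OOXML part nested inside ZIP attachments, since the posts note the senders rotate through attachment types.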